diff --git a/infrastructure/backups/backup.sh b/infrastructure/backups/backup.sh index 32b9ea83..ddf488cd 100755 --- a/infrastructure/backups/backup.sh +++ b/infrastructure/backups/backup.sh @@ -155,7 +155,7 @@ elif [ "$REPLICAS" = "0" ]; then NETWORK=opencrvs_default echo "Working with no replicas" else - NETWORK=dependencies_overlay_net + NETWORK=dependencies_internal_net # Construct the HOST string rs0/mongo1,mongo2... based on the number of replicas HOST="rs0/" for (( i=1; i<=REPLICAS; i++ )); do diff --git a/infrastructure/backups/restore.sh b/infrastructure/backups/restore.sh index 338e9346..6e674aa1 100755 --- a/infrastructure/backups/restore.sh +++ b/infrastructure/backups/restore.sh @@ -93,7 +93,7 @@ elif [ "$REPLICAS" = "0" ]; then NETWORK=opencrvs_default echo "Working with no replicas" else - NETWORK=dependencies_overlay_net + NETWORK=dependencies_internal_net # Construct the HOST string rs0/mongo1,mongo2... based on the number of replicas HOST="rs0/" for (( i=1; i<=REPLICAS; i++ )); do diff --git a/infrastructure/clear-all-data.sh b/infrastructure/clear-all-data.sh index eb2cda87..93ca3f7a 100755 --- a/infrastructure/clear-all-data.sh +++ b/infrastructure/clear-all-data.sh @@ -44,7 +44,7 @@ if [ "$REPLICAS" = "0" ]; then NETWORK=opencrvs_default echo "Working with no replicas" else - NETWORK=dependencies_overlay_net + NETWORK=dependencies_internal_net # Construct the HOST string rs0/mongo1,mongo2... based on the number of replicas HOST="rs0/" for (( i=1; i<=REPLICAS; i++ )); do diff --git a/infrastructure/deployment/add-networks.ts b/infrastructure/deployment/add-networks.ts index 3a644d05..179d3892 100644 --- a/infrastructure/deployment/add-networks.ts +++ b/infrastructure/deployment/add-networks.ts 
@@ -32,7 +32,6 @@ function addNetworksToCompose(composeFile: string, networksList: string) { .map((network) => network.trim()) .filter((network) => network.length > 0) .map((stack) => `${stack}_dependencies_net`) - .concat('traefik_net') // Add networks to each service for (const serviceName in composeObject.services) { diff --git a/infrastructure/docker-compose.app.yml b/infrastructure/docker-compose.app.yml index 8788ddf7..7d341299 100644 --- a/infrastructure/docker-compose.app.yml +++ b/infrastructure/docker-compose.app.yml @@ -40,7 +40,7 @@ services: - APN_SERVICE_URL=http://apm-server:8200 - CERT_PUBLIC_KEY_PATH=/run/secrets/jwt-public-key.{{STACK}}.{{ts}} - MONGO_URL=mongodb://${STACK}__notification:${NOTIFICATION_MONGODB_PASSWORD}@mongo1/${STACK}__notification?replicaSet=rs0 - - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_app_net:3040 + - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_{{STACK}}_app_net:3040 deploy: replicas: 1 labels: @@ -68,7 +68,7 @@ services: - 'traefik.http.routers.${STACK}__countryconfig.tls.certresolver=certResolver' - 'traefik.http.routers.${STACK}__countryconfig.entrypoints=web,websecure' - 'traefik.http.routers.${STACK}__countryconfig.middlewares=gzip-compression' - - 'traefik.docker.network={{STACK}}_dependencies_net' + - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net' - 'traefik.http.middlewares.${STACK}__countryconfig.headers.customresponseheaders.Pragma=no-cache' - 'traefik.http.middlewares.${STACK}__countryconfig.headers.customresponseheaders.Cache-control=no-store' - 'traefik.http.middlewares.${STACK}__countryconfig.headers.customresponseheaders.X-Robots-Tag=none' 
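Review bot: The new hostname `countryconfig.{{STACK}}_{{STACK}}_app_net` in COUNTRY_CONFIG_URL resolves only if the stack is deployed under a name equal to `{{STACK}}`. The doubled prefix looks like Swarm's stack-name prefix applied to the `{{STACK}}_app_net` network key, but nothing in the file states this. The same literal is repeated in every `*_URL` entry changed in the later hunks of this file (hearth, auth, config, workflow, gateway, user-mgnt, search, metrics, notification, webhooks, documents), so one mistyped entry would surface only as a runtime connection failure. I would add a comment above the first service, e.g. `# internal URLs are <service>.<stack name>_<network key>; the stack is deployed as {{STACK}}, hence {{STACK}}_{{STACK}}_app_net`, and confirm the deploy command uses that stack name. The service definition starts and ends outside this hunk.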
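Review bot: The label `traefik.docker.network=dependencies_{{STACK}}_dependencies_net` on the countryconfig router works only if the Traefik container is itself attached to that per-stack network. The same change is made for login, client, gateway, auth, webhooks, config and metabase in later hunks. The dependencies compose file in this commit lists only `traefik_net` and `internal_net` for traefik, so the attachment presumably comes from add-networks.ts at deploy time. If that step is skipped, Traefik cannot reach the backend on the named network and the public routes will fail. A comment beside the label such as `# network shared with Traefik; attached to traefik by add-networks.ts` would make the dependency explicit. This line is templated with `{{STACK}}` while its neighbours use `${STACK}`, so both substitutions have to yield the same value.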
@@ -89,10 +89,10 @@ services: - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - - FHIR_URL=http://hearth.{{STACK}}_app_net:3447/fhir - - AUTH_URL=http://auth.{{STACK}}_app_net:4040 - - APPLICATION_CONFIG_URL=http://config.{{STACK}}_app_net:2021 - - CONFIRM_REGISTRATION_URL=http://workflow.{{STACK}}_app_net:5050/confirm/registration + - FHIR_URL=http://hearth.{{STACK}}_{{STACK}}_app_net:3447/fhir + - AUTH_URL=http://auth.{{STACK}}_{{STACK}}_app_net:4040 + - APPLICATION_CONFIG_URL=http://config.{{STACK}}_{{STACK}}_app_net:2021 + - CONFIRM_REGISTRATION_URL=http://workflow.{{STACK}}_{{STACK}}_app_net:5050/confirm/registration - MONGO_URL=mongodb://mongo1/${STACK}__user-mgnt?replicaSet=rs0 - CONFIG_MONGO_URL=mongodb://mongo1/${STACK}__application-config?replicaSet=rs0 - APN_SERVICE_URL=http://apm-server:8200 @@ -102,7 +102,7 @@ services: - SENDER_EMAIL_ADDRESS=${SENDER_EMAIL_ADDRESS} # This needs to be the internal swarm url # as containers cannot connect to the web - - GATEWAY_URL=http://gateway.{{STACK}}_app_net:7070 + - GATEWAY_URL=http://gateway.{{STACK}}_{{STACK}}_app_net:7070 - NOTIFICATION_TRANSPORT=${NOTIFICATION_TRANSPORT} - ALERT_EMAIL=${ALERT_EMAIL:-} - SMTP_HOST=${SMTP_HOST:-} @@ -139,7 +139,7 @@ services: - 'traefik.http.routers.${STACK}__login.tls.certresolver=certResolver' - 'traefik.http.routers.${STACK}__login.entrypoints=web,websecure' - 'traefik.http.routers.${STACK}__login.middlewares=gzip-compression' - - 'traefik.docker.network={{STACK}}_dependencies_net' + - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net' - 'traefik.http.middlewares.${STACK}__login.headers.customresponseheaders.Pragma=no-cache' - 'traefik.http.middlewares.${STACK}__login.headers.customresponseheaders.Cache-control=no-store' - 'traefik.http.middlewares.${STACK}__login.headers.customresponseheaders.X-Robots-Tag=none' 
@@ -174,7 +174,7 @@ services: - 'traefik.http.routers.${STACK}__client.tls=true' - 'traefik.http.routers.${STACK}__client.tls.certresolver=certResolver' - 'traefik.http.routers.${STACK}__client.entrypoints=web,websecure' - - 'traefik.docker.network={{STACK}}_dependencies_net' + - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net' - 'traefik.http.middlewares.${STACK}__test-replacepathregex.redirectregex.permanent=true' - 'traefik.http.middlewares.${STACK}__test-replacepathregex.redirectregex.regex=^https?://${STACK}.{{hostname}}/(.*)' 
@@ -215,18 +215,18 @@ services: - REDIS_HOST=redis - CONFIG_SMS_CODE_EXPIRY_SECONDS=600 - CONFIG_TOKEN_EXPIRY_SECONDS=604800 - - FHIR_URL=http://hearth.{{STACK}}_app_net:3447/fhir - - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_app_net:3030/ - - SEARCH_URL=http://search.{{STACK}}_app_net:9090/ - - METRICS_URL=http://metrics.{{STACK}}_app_net:1050 - - AUTH_URL=http://auth.{{STACK}}_app_net:4040 - - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_app_net:3040 - - NOTIFICATION_URL=http://notification.{{STACK}}_app_net:2020/ - - WORKFLOW_URL=http://workflow.{{STACK}}_app_net:5050/ - - APPLICATION_CONFIG_URL=http://config.{{STACK}}_app_net:2021/ - - WEBHOOKS_URL=http://webhooks.{{STACK}}_app_net:2525/ + - FHIR_URL=http://hearth.{{STACK}}_{{STACK}}_app_net:3447/fhir + - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_{{STACK}}_app_net:3030/ + - SEARCH_URL=http://search.{{STACK}}_{{STACK}}_app_net:9090/ + - METRICS_URL=http://metrics.{{STACK}}_{{STACK}}_app_net:1050 + - AUTH_URL=http://auth.{{STACK}}_{{STACK}}_app_net:4040 + - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_{{STACK}}_app_net:3040 + - NOTIFICATION_URL=http://notification.{{STACK}}_{{STACK}}_app_net:2020/ + - WORKFLOW_URL=http://workflow.{{STACK}}_{{STACK}}_app_net:5050/ + - APPLICATION_CONFIG_URL=http://config.{{STACK}}_{{STACK}}_app_net:2021/ + - WEBHOOKS_URL=http://webhooks.{{STACK}}_{{STACK}}_app_net:2525/ - CHECK_INVALID_TOKEN=true - - DOCUMENTS_URL=http://documents.{{STACK}}_app_net:9050 + - DOCUMENTS_URL=http://documents.{{STACK}}_{{STACK}}_app_net:9050 deploy: labels: - 'traefik.enable=true' 
@@ -236,7 +236,7 @@ services: - 'traefik.http.routers.${STACK}__gateway.tls.certresolver=certResolver' - 'traefik.http.routers.${STACK}__gateway.entrypoints=web,websecure' - 'traefik.http.routers.${STACK}__gateway.middlewares=gzip-compression' - - 'traefik.docker.network={{STACK}}_dependencies_net' + - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net' - 'traefik.http.middlewares.${STACK}__gateway.headers.customresponseheaders.Pragma=no-cache' - 'traefik.http.middlewares.${STACK}__gateway.headers.customresponseheaders.Cache-control=no-store' - 'traefik.http.middlewares.${STACK}__gateway.headers.customresponseheaders.X-Robots-Tag=none' 
@@ -265,15 +265,15 @@ services: - SENTRY_DSN=${SENTRY_DSN:-} - APN_SERVICE_URL=http://apm-server:8200 - CERT_PUBLIC_KEY_PATH=/run/secrets/jwt-public-key.{{STACK}}.{{ts}} - - SEARCH_URL=http://search.{{STACK}}_app_net:9090/ - - METRICS_URL=http://metrics.{{STACK}}_app_net:1050 - - DOCUMENTS_URL=http://documents.{{STACK}}_app_net:9050 - - NOTIFICATION_SERVICE_URL=http://notification.{{STACK}}_app_net:2020/ - - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_app_net:3030/ - - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_app_net:3040 - - FHIR_URL=http://hearth.{{STACK}}_app_net:3447/fhir - - WEBHOOKS_URL=http://webhooks.{{STACK}}_app_net:2525/ - - APPLICATION_CONFIG_URL=http://config.{{STACK}}_app_net:2021/ + - SEARCH_URL=http://search.{{STACK}}_{{STACK}}_app_net:9090/ + - METRICS_URL=http://metrics.{{STACK}}_{{STACK}}_app_net:1050 + - DOCUMENTS_URL=http://documents.{{STACK}}_{{STACK}}_app_net:9050 + - NOTIFICATION_SERVICE_URL=http://notification.{{STACK}}_{{STACK}}_app_net:2020/ + - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_{{STACK}}_app_net:3030/ + - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_{{STACK}}_app_net:3040 + - FHIR_URL=http://hearth.{{STACK}}_{{STACK}}_app_net:3447/fhir + - WEBHOOKS_URL=http://webhooks.{{STACK}}_{{STACK}}_app_net:2525/ + - APPLICATION_CONFIG_URL=http://config.{{STACK}}_{{STACK}}_app_net:2021/ - COUNTRY=${COUNTRY:-bgd} deploy: labels: 
@@ -302,9 +302,9 @@ services: - APN_SERVICE_URL=http://apm-server:8200 - CERT_PUBLIC_KEY_PATH=/run/secrets/jwt-public-key.{{STACK}}.{{ts}} - HEARTH_MONGO_URL=mongodb://${STACK}__hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/${STACK}__hearth-dev?replicaSet=rs0 - - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_app_net:3030/ - - FHIR_URL=http://hearth.{{STACK}}_app_net:3447/fhir - - APPLICATION_CONFIG_URL=http://config.{{STACK}}_app_net:2021/ + - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_{{STACK}}_app_net:3030/ + - FHIR_URL=http://hearth.{{STACK}}_{{STACK}}_app_net:3447/fhir + - APPLICATION_CONFIG_URL=http://config.{{STACK}}_{{STACK}}_app_net:2021/ deploy: labels: - 'traefik.enable=false' @@ -368,12 +368,12 @@ services: - INFLUX_HOST=influxdb - INFLUX_PORT=8086 - INFLUX_DB=${STACK}_ocrvs - - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_app_net:3040/ - - CONFIG_API_URL=http://config.{{STACK}}_app_net:2021 - - SEARCH_URL=http://search.{{STACK}}_app_net:9090/ - - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_app_net:3030 - - DOCUMENTS_URL=http://documents.{{STACK}}_app_net:9050 - - FHIR_URL=http://hearth.{{STACK}}_app_net:3447/fhir + - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_{{STACK}}_app_net:3040/ + - CONFIG_API_URL=http://config.{{STACK}}_{{STACK}}_app_net:2021 + - SEARCH_URL=http://search.{{STACK}}_{{STACK}}_app_net:9090/ + - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_{{STACK}}_app_net:3030 + - DOCUMENTS_URL=http://documents.{{STACK}}_{{STACK}}_app_net:9050 + - FHIR_URL=http://hearth.{{STACK}}_{{STACK}}_app_net:3447/fhir deploy: placement: constraints: 
@@ -408,11 +408,11 @@ services: - CLIENT_APP_URL=https://register.${STACK}.{{hostname}} - DOMAIN=${STACK}.{{hostname}} - REDIS_HOST=redis - - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_app_net:3030/ + - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_{{STACK}}_app_net:3030/ - CONFIG_TOKEN_EXPIRY_SECONDS=604800 - CONFIG_SMS_CODE_EXPIRY_SECONDS=600 - - NOTIFICATION_SERVICE_URL=http://notification.{{STACK}}_app_net:2020/ - - METRICS_URL=http://metrics.{{STACK}}_app_net:1050 + - NOTIFICATION_SERVICE_URL=http://notification.{{STACK}}_{{STACK}}_app_net:2020/ + - METRICS_URL=http://metrics.{{STACK}}_{{STACK}}_app_net:1050 deploy: labels: - 'traefik.enable=true' @@ -421,7 +421,7 @@ services: - 'traefik.http.routers.${STACK}__auth.tls=true' - 'traefik.http.routers.${STACK}__auth.tls.certresolver=certResolver' - 'traefik.http.routers.${STACK}__auth.entrypoints=web,websecure' - - 'traefik.docker.network={{STACK}}_dependencies_net' + - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net' - 'traefik.http.middlewares.${STACK}__auth.headers.customresponseheaders.Pragma=no-cache' - 'traefik.http.middlewares.${STACK}__auth.headers.customresponseheaders.Cache-control=no-store' - 'traefik.http.middlewares.${STACK}__auth.headers.customresponseheaders.X-Robots-Tag=none' 
@@ -451,11 +451,11 @@ services: - RECORD_SEARCH_QUOTA=2000 - CERT_PUBLIC_KEY_PATH=/run/secrets/jwt-public-key.{{STACK}}.{{ts}} - MONGO_URL=mongodb://${STACK}__user-mgnt:${USER_MGNT_MONGODB_PASSWORD}@mongo1/${STACK}__user-mgnt?replicaSet=rs0 - - NOTIFICATION_SERVICE_URL=http://notification.{{STACK}}_app_net:2020/ - - METRICS_URL=http://metrics.{{STACK}}_app_net:1050 - - FHIR_URL=http://hearth.{{STACK}}_app_net:3447/fhir - - APPLICATION_CONFIG_URL=http://config.{{STACK}}_app_net:2021/ - - DOCUMENTS_URL=http://documents.{{STACK}}_app_net:9050 + - NOTIFICATION_SERVICE_URL=http://notification.{{STACK}}_{{STACK}}_app_net:2020/ + - METRICS_URL=http://metrics.{{STACK}}_{{STACK}}_app_net:1050 + - FHIR_URL=http://hearth.{{STACK}}_{{STACK}}_app_net:3447/fhir + - APPLICATION_CONFIG_URL=http://config.{{STACK}}_{{STACK}}_app_net:2021/ + - DOCUMENTS_URL=http://documents.{{STACK}}_{{STACK}}_app_net:9050 deploy: labels: - 'traefik.enable=false' @@ -482,10 +482,10 @@ services: - MONGO_URL=mongodb://${STACK}__webhooks:${WEBHOOKS_MONGODB_PASSWORD}@mongo1/${STACK}__webhooks?replicaSet=rs0 - CERT_PUBLIC_KEY_PATH=/run/secrets/jwt-public-key.{{STACK}}.{{ts}} - REDIS_HOST=redis - - AUTH_URL=http://auth.{{STACK}}_app_net:4040 - - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_app_net:3030/ + - AUTH_URL=http://auth.{{STACK}}_{{STACK}}_app_net:4040 + - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_{{STACK}}_app_net:3030/ - CHECK_INVALID_TOKEN=true - - FHIR_URL=http://hearth.{{STACK}}_app_net:3447/fhir + - FHIR_URL=http://hearth.{{STACK}}_{{STACK}}_app_net:3447/fhir deploy: labels: - 'traefik.enable=true' 
@@ -494,7 +494,7 @@ services: - 'traefik.http.routers.${STACK}__webhooks.tls=true' - 'traefik.http.routers.${STACK}__webhooks.tls.certresolver=certResolver' - 'traefik.http.routers.${STACK}__webhooks.entrypoints=web,websecure' - - 'traefik.docker.network={{STACK}}_dependencies_net' + - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net' - 'traefik.http.middlewares.${STACK}__webhooks.headers.customresponseheaders.Pragma=no-cache' - 'traefik.http.middlewares.${STACK}__webhooks.headers.customresponseheaders.Cache-control=no-store' - 'traefik.http.middlewares.${STACK}__webhooks.headers.customresponseheaders.X-Robots-Tag=none' @@ -526,14 +526,14 @@ services: - LOGIN_URL=https://login.${STACK}.{{hostname}} - CLIENT_APP_URL=https://register.${STACK}.{{hostname}} - DOMAIN=${STACK}.{{hostname}} - - AUTH_URL=http://auth.{{STACK}}_app_net:4040 - - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_app_net:3040 - - SEARCH_URL=http://search.{{STACK}}_app_net:9090/ - - METRICS_URL=http://metrics.{{STACK}}_app_net:1050 - - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_app_net:3030/ - - FHIR_URL=http://hearth.{{STACK}}_app_net:3447/fhir - - GATEWAY_URL=http://gateway.{{STACK}}_app_net:7070/ - - DOCUMENTS_URL=http://documents.{{STACK}}_app_net:9050 + - AUTH_URL=http://auth.{{STACK}}_{{STACK}}_app_net:4040 + - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_{{STACK}}_app_net:3040 + - SEARCH_URL=http://search.{{STACK}}_{{STACK}}_app_net:9090/ + - METRICS_URL=http://metrics.{{STACK}}_{{STACK}}_app_net:1050 + - USER_MANAGEMENT_URL=http://user-mgnt.{{STACK}}_{{STACK}}_app_net:3030/ + - FHIR_URL=http://hearth.{{STACK}}_{{STACK}}_app_net:3447/fhir + - GATEWAY_URL=http://gateway.{{STACK}}_{{STACK}}_app_net:7070/ + - DOCUMENTS_URL=http://documents.{{STACK}}_{{STACK}}_app_net:9050 - CHECK_INVALID_TOKEN=true deploy: labels: 
@@ -543,7 +543,7 @@ services: - 'traefik.http.routers.${STACK}__config.tls=true' - 'traefik.http.routers.${STACK}__config.tls.certresolver=certResolver' - 'traefik.http.routers.${STACK}__config.entrypoints=web,websecure' - - 'traefik.docker.network={{STACK}}_dependencies_net' + - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net' - 'traefik.http.middlewares.${STACK}__config.headers.customresponseheaders.Pragma=no-cache' - 'traefik.http.middlewares.${STACK}__config.headers.customresponseheaders.Cache-control=no-store' - 'traefik.http.middlewares.${STACK}__config.headers.customresponseheaders.X-Robots-Tag=none' @@ -583,7 +583,7 @@ services: - MINIO_HOST=minio - MINIO_PORT=9000 - MINIO_BUCKET=${STACK}--ocrvs - - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_app_net:3040 + - COUNTRY_CONFIG_URL=http://countryconfig.{{STACK}}_{{STACK}}_app_net:3040 networks: - {{STACK}}_app_net - dependencies_{{STACK}}_dependencies_net @@ -598,7 +598,7 @@ services: environment: - QA_ENV=true - NODE_ENV=production - - METRICS_URL=http://metrics.{{STACK}}_app_net:1050 + - METRICS_URL=http://metrics.{{STACK}}_{{STACK}}_app_net:1050 deploy: replicas: 1 labels: @@ -632,7 +632,7 @@ services: - SUPER_USER_PASSWORD=${SUPER_USER_PASSWORD} - STACK=${STACK} - DASHBOARD_MONGO_URL=mongodb://mongo1/${STACK}__performance - - SEARCH_URL=http://search.{{STACK}}_app_net:9090/ + - SEARCH_URL=http://search.{{STACK}}_{{STACK}}_app_net:9090/ - INFLUX_HOST=influxdb - INFLUX_PORT=8086 - INFLUX_DB=${STACK}_ocrvs 
@@ -721,7 +721,7 @@ services: - 'traefik.http.routers.${STACK}__metabase.tls=true' - 'traefik.http.routers.${STACK}__metabase.tls.certresolver=certResolver' - 'traefik.http.routers.${STACK}__metabase.entrypoints=web,websecure' - - 'traefik.docker.network={{STACK}}_dependencies_net' + - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net' - 'traefik.http.middlewares.${STACK}__metabase.headers.customresponseheaders.Pragma=no-cache' - 'traefik.http.middlewares.${STACK}__metabase.headers.customresponseheaders.Cache-control=no-store' - 'traefik.http.middlewares.${STACK}__metabase.headers.customresponseheaders.X-Robots-Tag=none' diff --git a/infrastructure/docker-compose.dependencies.yml b/infrastructure/docker-compose.dependencies.yml index 4ecf0041..ab5826d0 100644 --- a/infrastructure/docker-compose.dependencies.yml +++ b/infrastructure/docker-compose.dependencies.yml @@ -12,6 +12,9 @@ services: # Only publish the exact ports that are required for OpenCRVS to work traefik: image: 'traefik:v2.10' + networks: + - traefik_net + - internal_net ports: - target: 80 published: 80 @@ -59,6 +62,9 @@ services: filebeat: image: docker.elastic.co/beats/filebeat:8.14.3 + networks: + - traefik_net + - internal_net user: root configs: @@ -83,6 +89,9 @@ services: metricbeat: image: docker.elastic.co/beats/metricbeat:8.14.3 + networks: + - traefik_net + - internal_net user: root cap_add: - SYS_PTRACE @@ -120,6 +129,9 @@ services: tag: 'metricbeat' setup-kibana-config: image: curlimages/curl:7.88.1 + networks: + - traefik_net + - internal_net entrypoint: [ 'curl', @@ -152,6 +164,9 @@ services: tag: 'setup-kibana-config' kibana: image: docker.elastic.co/kibana/kibana:8.14.3 + networks: + - traefik_net + - internal_net restart: always deploy: labels: 
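Review bot: filebeat, metricbeat and setup-kibana-config in these hunks are attached to `traefik_net` as well as `internal_net`, although no Traefik routing labels are visible for any of them. The same applies to mongo1, redis, elasticsearch, minio-mc, elastalert, logstash, apm-server and influxdb in the hunks that follow. `traefik_net` is declared at the end of this file with a fixed `name: traefik_net`, so any other stack that references that name shares a segment with the data stores and with metricbeat, which runs as `user: root` with `SYS_PTRACE`. Unless Traefik routes to a service (kibana and minio may qualify; their labels lie outside the hunks), I would give it only `networks:` / `- internal_net` and reserve `traefik_net` for traefik and its routed backends.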
@@ -180,6 +195,9 @@ services: # Configure mongo nodes as a replica set mongo1: image: mongo:4.4 + networks: + - traefik_net + - internal_net restart: unless-stopped command: mongod --auth --replSet rs0 --keyFile /etc/mongodb-keyfile hostname: 'mongo1' @@ -214,6 +232,9 @@ services: # Configure redis redis: image: redis:5 + networks: + - traefik_net + - internal_net restart: unless-stopped deploy: @@ -227,6 +248,9 @@ services: # Configure elasticsearch elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 + networks: + - traefik_net + - internal_net restart: unless-stopped volumes: - '/data/elasticsearch:/usr/share/elasticsearch/data' @@ -262,6 +286,9 @@ services: # Configure elasticsearch minio: image: quay.io/minio/minio:RELEASE.2023-09-16T01-01-47Z.fips + networks: + - traefik_net + - internal_net restart: unless-stopped environment: - MINIO_ROOT_USER=${MINIO_ROOT_USER} @@ -298,6 +325,9 @@ services: minio-mc: image: minio/mc + networks: + - traefik_net + - internal_net entrypoint: > /bin/sh -c " /usr/bin/mc admin trace --path ocrvs/* minio @@ -320,6 +350,9 @@ services: elastalert: image: jertel/elastalert2:2.19.0 + networks: + - traefik_net + - internal_net restart: unless-stopped environment: - ES_USERNAME=elastic @@ -343,6 +376,9 @@ services: logstash: image: logstash:8.14.3 + networks: + - traefik_net + - internal_net command: logstash -f /etc/logstash/logstash.conf --verbose ports: - '12201:12201' @@ -365,6 +401,9 @@ services: replicas: 1 apm-server: image: docker.elastic.co/apm/apm-server:7.17.22 + networks: + - traefik_net + - internal_net cap_add: ['CHOWN', 'DAC_OVERRIDE', 'SETGID', 'SETUID'] cap_drop: ['ALL'] restart: always @@ -399,6 +438,9 @@ services: # Configure influxdb influxdb: image: influxdb:1.8.10 + networks: + - traefik_net + - internal_net restart: unless-stopped volumes: - '/data/influxdb:/var/lib/influxdb' 
@@ -447,3 +489,11 @@ configs: file: /opt/opencrvs/infrastructure/elasticsearch/jvm.options minio-mc-config.{{ts}}: file: /opt/opencrvs/infrastructure/mc-config/config.json + +networks: + traefik_net: + driver: overlay + name: traefik_net + internal_net: + driver: overlay + attachable: true diff --git a/infrastructure/elasticsearch/setup-elastalert-indices.sh b/infrastructure/elasticsearch/setup-elastalert-indices.sh index 6d317730..ccc9f376 100755 --- a/infrastructure/elasticsearch/setup-elastalert-indices.sh +++ b/infrastructure/elasticsearch/setup-elastalert-indices.sh @@ -13,7 +13,7 @@ set -e -docker_command="docker run --rm --network=dependencies_overlay_net curlimages/curl" +docker_command="docker run --rm --network=dependencies_internal_net curlimages/curl" echo 'Waiting for availability of Elasticsearch' ping_status_code=$($docker_command --connect-timeout 60 -u elastic:$ELASTICSEARCH_SUPERUSER_PASSWORD -o /dev/null -w '%{http_code}' "http://elasticsearch:9200") diff --git a/infrastructure/monitoring/kibana/setup-config.sh b/infrastructure/monitoring/kibana/setup-config.sh index 286d1217..89435499 100755 --- a/infrastructure/monitoring/kibana/setup-config.sh +++ b/infrastructure/monitoring/kibana/setup-config.sh @@ -26,7 +26,7 @@ response_text_from_curl_output() { } curl_raw() { - docker run --rm -v /opt/opencrvs/infrastructure/monitoring/kibana/config.ndjson:/config.ndjson --network=dependencies_overlay_net curlimages/curl -s -w "\n%{http_code}" "$@" + docker run --rm -v /opt/opencrvs/infrastructure/monitoring/kibana/config.ndjson:/config.ndjson --network=dependencies_internal_net curlimages/curl -s -w "\n%{http_code}" "$@" } parse_url_from_string() { @@ -71,7 +71,7 @@ curl() { } jq() { - docker run --rm -i --network=dependencies_overlay_net ghcr.io/jqlang/jq "$@" + docker run --rm -i --network=dependencies_internal_net ghcr.io/jqlang/jq "$@" } # Initial API status check to ensure Kibana is ready 
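Review bot: `internal_net` is declared without a `name:`, so the `dependencies_internal_net` now hard-coded in backup.sh, restore.sh, clear-all-data.sh, setup-elastalert-indices.sh, setup-config.sh and port-forward.sh exists only when this stack is deployed under the name `dependencies`. `traefik_net` in the same block does pin its name. Adding `name: dependencies_internal_net` under `internal_net` would remove that dependency on the deploy command, which is not visible here. `attachable: true` also lets any standalone container started on a node join the network that carries the MongoDB, Redis and Elasticsearch traffic. A comment such as `# attachable: maintenance scripts join with docker run --network=dependencies_internal_net` would record why it is enabled and who is expected to use it.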
diff --git a/infrastructure/port-forward.sh b/infrastructure/port-forward.sh index 00546392..995ecec6 100755 --- a/infrastructure/port-forward.sh +++ b/infrastructure/port-forward.sh @@ -34,6 +34,6 @@ echo -e "Internal socat Port on Host: ${GREEN}$SOCAT_PORT${NC}" echo -e "Socat Container Name: ${GREEN}$CONTAINER_NAME${NC}" ssh -tL $LOCAL_PORT:localhost:$SOCAT_PORT $SSH_USER@$TARGET_SERVER \ -'docker run --rm --name '$CONTAINER_NAME' --network=dependencies_overlay_net --publish '$SOCAT_PORT:$SOCAT_PORT' alpine/socat tcp-listen:'$SOCAT_PORT',fork,reuseaddr tcp-connect:'$TARGET_CONTAINER_NAME:$PORT'' +'docker run --rm --name '$CONTAINER_NAME' --network=dependencies_internal_net --publish '$SOCAT_PORT:$SOCAT_PORT' alpine/socat tcp-listen:'$SOCAT_PORT',fork,reuseaddr tcp-connect:'$TARGET_CONTAINER_NAME:$PORT'' echo -e "${GREEN}Port forwarding established and tunnel is online! Press Ctrl+C to close.${NC}"
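Review bot: The rewritten `docker run` line still publishes with `--publish '$SOCAT_PORT:$SOCAT_PORT'`, which binds the socat listener on every interface of the target server. The forwarded internal service is therefore reachable from the server's network for as long as the tunnel is open, not only through SSH. The `ssh -L` forward connects to `localhost:$SOCAT_PORT`, so `--publish 127.0.0.1:'$SOCAT_PORT:$SOCAT_PORT'` is sufficient. The variables are also spliced unquoted into the remote command string. If they come from script arguments (they are assigned outside this hunk), checking that the ports are numeric and the container name matches an expected pattern before this line would keep shell metacharacters out of the remote shell.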